Open source software

From The IT Law Wiki

Contents 1 Overview 2 Proponents 3 Opponents 4 Computer Security 5 Intellectual Property Rights 6 Alleged "Viral" Nature of Open Source Software 7 Third Party Infringement Claims 8 U.S. Government Policy 9 References

[edit] Overview

Open source software (OSS) refers to a computer program whose source code is distributed to the public pursuant to an open source license that requires users of the program to comply with specific contract terms that will insure that the open source software will remain open source. Those license terms generally require that the source code will be distributed along with the software, and that others will be allowed to modify and distribute the source code as desired. Some examples of open source software include the Linux operating system and Apache Web server software.

[edit] Proponents

For proponents, open source software is often viewed as a means to reduce an organization’s dependence on the software products of a few companies while possibly improving the security and stability of one’s computing infrastructure.

[edit] Opponents

For critics, open source software is often viewed as a threat to intellectual property rights with unproven cost and quality benefits. In addition, open source software is ordinarily accompanied by a license that requires users to maintain the program as open source.^[1] Some commentators have expressed concern that these licenses may overreach, converting proprietary programs into open source software even if only a portion of that program was derived from an open source originals.^[2] Others have suggested that open source licenses may not be legally enforceable, which would allow users to obtain and assert intellectual property rights pertaining to software that was initially distributed as open source.^[3]

[edit] Computer Security

So far there appear to be no systematic analyses available that have conclusively compared closed source to open source software on the issue of security. In practice, computer security is highly dependent on how an application is configured, maintained, and monitored. Similarly, the costs of implementing an open source solution are dependent upon factors such as the cost of acquiring the hardware/software, investments in training for IT personnel and end users, maintenance and support costs, and the resources required to convert data and applications to work in the new computing environment.

Consequently, some computer experts suggest that it is not possible to conclude that either open source or closed source software is inherently more secure or more cost efficient.

[edit] Intellectual Property Rights

Intellectual property rights, including copyrights, patents and trade secrets, present another possible set of concerns with respect to open source software. Although a particular computer program may be designated as open source, it remains possible that an owner of intellectual property rights may seek to enforce those rights against open source software developers and users.^[4]

In addition, open source software is ordinarily accompanied by a license that requires users to maintain the program as open source.^[5] Some commentators have expressed concern that these licenses may overreach, converting proprietary programs into open source software even if only a portion of that program was derived from an open source original.^[6] Others have suggested that open source licenses may not be legally enforceable, which would allow users to obtain and assert intellectual property rights pertaining to software that was initially distributed as open source.^[7]

[edit] Alleged "Viral" Nature of Open Source Software

Certain open source licenses have sometimes been described as "viral" in character.^[8] Some individual open source licenses require that the terms of that license apply automatically to each copy of the software, as well as to any modified versions.^[9] Some observers have expressed concerns regarding situations where a programmer, perhaps unknowingly, incorporates some open source code into a larger software package. In these circumstances, the open source portion of the software could "contaminate" the entire [[program. As a result, even though the publisher intended that the program be proprietary, it may be instead be distributed as the open source license stipulates.^[10] In this way, the open source software component would trump any intellectual property rights that the publisher hoped to claim.

Whether a particular open source software is potentially "viral" or not depends upon the individual terms of the accompanying open source license. Some commentators have stated that the Free Software Foundation's GPL is one example of a potentially "viral" license.^[11] Under the GPL, anyone who uses or modifies the software must, upon further distributing that software or a modification of that software, make the source code fully available to the public, free of any proprietary interest. This limitation prevents the software written and distributed under the GPL from being subject to intellectual property rights. As a result, the GPL maintains the "open" nature of the open source code by allowing users to modify and redistribute the software, but requiring that such modifications be made available to anyone under the terms of the GPL.

Notably, under certain conditions the GPL allows users to incorporate open source-derived computer programs into proprietary software packages without subjecting the entire package to the GPL.^[12] According to the Free Software Foundation, in order to avoid the imposition of the GPL upon the entire program, software publishers "must make sure that the free and non-free programs communicate at arms length, that they are not combined in a way that would make them effectively a single program."^[13]

The Free Software Foundation offers as an example the combination of an editor program and a shell program." To expand upon this illustration, suppose that an editor program executes textual commands typed by the user. A shell, or user interface program, might provide a graphical, menu-driven interface so that the user doesn't have to memorize the text commands. The editor could be a proprietary program. The shell might have been developed for individuals who did not wish to learn the text commands, and distributed under the GPL. As the editor can work independently of the shell in this example, the proprietary nature of the editor would be maintained even though the shell was subject to the GPL.72

The functional separation of proprietary and open source software provides one avenue for avoiding the broad application of an open source license to an entire software product. Some observers believe, however, that conformity with this exception imposes substantial compliance burdens. For example, attorneys James A. Harvey and Todd S. McClelland state:

It is therefore a good practice to advise clients with respect to procedures

designed to segregate software that can be licensed as proprietary from that which must be distributed under an open source license. Developing and maintaining procedures to implement these administrative tasks can be very difficult in complex development environments."

Views differ on the supposed "viral" nature of some open source licenses. Representatives of proprietary software firms have expressed concerns that "open source is an intellectual-property destroyer,i74and have reportedly referred to open source software as a "cancer" and "un-American."" Others believe that, in order for open source software to remain open to the public, all programs derived from an open source original should be treated as open source as well.' And, as noted above, some open source licenses take an intermediate position." Although these licenses require that the original software that is distributed with the license remain open source, they allow modifications and upgrades to that code to be "taken private" and be treated as proprietary software.

[edit] Third Party Infringement Claims

Some open source licenses, such as the General Public License (GPL), effectively prevent individuals from asserting intellectual property rights in open source software." This restriction only applies to individuals who have consented to these licenses, however.' Parties not subject to that license are therefore not necessarily prevented from enforcing their intellectual property rights against individuals who use the software. As a result, even though one individual has distributed software that it has designated as open source, another entity may possibly assert that the software infringes an intellectual property right. Such assertions lead to potential conflicts between the intellectual property rights owner and individuals who believe that the software is open to the public.

For example, suppose that a computer scientist, Alpha, invents a new method of sorting data useful for computer programs. Alpha then files a patent application at the USPTO claiming the method. Later, a programmer named Beta independently writes a software program that uses the same data sorting method that Alpha had claimed in his pending application. Unaware of Alpha's patent application, Beta distributes his own software to the public under the GPL. If the USPTO approves of Alpha's application, Alpha could assert claims of patent infringement against anyone using Beta's software. These users would be subject to legal liability, even though the software was believed to be open source, and even though no one had knowledge of the patent infringement.80

This scenario is possible not only for open source software, but also for proprietary software. A software publishing firm may also discover that their products infringe a patent or other intellectual property. However, commercial enterprises may stand in a better position to consider the intellectual property ramifications of their published software than the more diffuse open source community. Such enterprises often perform audits or establish procedures to avoid the use of other's software in their own products.81 Members of the more loosely organized open source community may have less capability to engage in these sorts of efforts.

At least one member of the open source community has addressed possible patent issues with respect to open source software. Red Hat, Inc., a well-known distributor of the open source operating system program called Linux, has presented a "patent promise." Red Hat's promise states in part:

Subject to any qualifications or limitations stated herein, to the extent any party exercises a Patent Right with respect to Open Source/Free Software which reads on any claim of any patent held by Red Hat, Red Hat agrees to refrain from enforcing the infringed patent against such party for such exercise . . . sa

This statement appears to immunize users of open source software from claims of patent infringement by Red Hat, subject to certain qualifications. Red Hat's promise expressly does not cover patents owned by anyone else, however. As a result, users of open source software theoretically face the possibility of infringement' claims by anyone holding a pertinent patent.

The ongoing litigation between the SCO Group and IBM Corporation offers a notable example of third party infringement claims. SCO is the current owner of the source code, as well as certain intellectual property rights, associated with a computer program known as UNIX.83 UNIX, a widely used operating system program, coordinates use of the computer's resources (such as its disk drive or a printer) during the computer's operation.84 Publishers of certain versions of UNIX have declared their programs to be open source software.85

On March 61 2003, SCO filed a lawsuit against IBM, in part asserting that IBM had misappropriated SCO's trade secrets.86 More specifically, SCO contends that IBM accessed its proprietary information when it licensed the UNIX software code from SCO and its predecessors.87 SCO further asserts that IBM then introduced this proprietary UNIX code into its own operating system, AIX, and later into its Linux-based products." IBM has denied these charges and, in turn, has asserted that SCO products infringe IBM copyrights and patents.' As of early 2004, two other open source software vendors, Novell and Red Hat, had also become party to that litigation or to related lawsuits."

In addition to commencing infringement litigation against IBM, SCO has reportedly sent 1,500 letters to other firms. These letters are said to explain that the recipient's use of Linux could expose them to liability, and also to extend an offer of a license." The requested fee is reportedly about $700 for each computer using the Linux code." This demand has in turn animated some observers, such as the Electronic Frontier Foundation, to organize protests against SCO' As well, a consortium of technology companies, including IBM and Intel, have contributed substantial amounts of money towards the "Linux Legal Defense Fund.94 Contributors intend that these sums be used to defray the legal expenses of open source software users who face charges of intellectual property infringement.95

As of the publication date of this report, the lawsuit between SCO and IBM continues in the U.S. District Court for the District of Utah in Salt Lake City. The outcome of this litigation may significantly impact users of Linux and other open source software. It also illustrates the potential tension between intellectual property rights and the open source community. Regardless of the outcome of this particular case, the SCO-IBM dispute demonstrates the possibility of future intellectual property infringement claims against open source software, commenced by individuals who claim not to be subject to the license under which the software was distributed.

[edit] U.S. Government Policy

The official U.S. federal government policy regarding the use of open source software by government agencies is described in a July 2004 Office of Management and Budget (OMB) memorandum on software acquisition, M-04-16 Memoranda for Senior Procurement Executives, Chief Information Officers, Software Acquisition. The memorandum states that the policies guiding government information technology investment decisions are “technology and vendor neutral” and that agencies’ technology choices “must be consistent with the agency’s enterprise architecture and the Federal Enterprise Architecture.”

Agencies are also instructed to take into account a number of other merit-based factors, including information security, licensing requirements, and total cost of ownership. Implicit in these requirements is an expectation that agencies will also make choices based on the quality of the product.

[edit] References

1. ↑ Natasha T. Home, "Open Source Software Licensing: Using Copyright Law to Encourage Free Use," 17 Georgia State Univ. L. Rev. 863 (2001).
2. ↑ Christian H. Nadan, "Open Source Licensing: Virus or Virtue?,"10 Tex. Intell. Prop. L.J. 349 (2002).
3. ↑ Dennis M. Kennedy, "A Primer on Open Source Licensing Legal Issues: Copyright, Copyleft and the Future," 20 St. Louis Univ. Pub. L. Rev. 345 (2001).
4. ↑ See James A. Harvey & Todd S. McClelland,"SCO v. IBM: The Open Source Benefits and Risks Are Real," 20 Computer & Internet Law., Sept. 2003, at 1.
5. ↑ Natasha T. Home, "Open Source Software Licensing: Using Copyright Law to Encourage Free Use," 17 Ga. St. Univ. L. Rev. 863 (2001).
6. ↑ Christian H. Nadan, "Open Source Licensing: Virus or Virtue?,"10 Tex. Intel. Prop. L.J. 349 (2002).
7. ↑ Dennis M. Kennedy, "A Primer on Open Source Licensing Legal Issues: Copyright, Copyleft and the Future," 20 St. Louis Univ. Pub. L. Rev. 345 (2001).
8. ↑ Christian H. Nadan, "Open Source Licensing: Virus or Virtue?," 10 Tex. Intel. Prop. L.J. 349 (2002).
9. ↑ Robert W. Gomulkiewicz, "How Copyleft Uses License Rights to Succeed in the Open Source Software Revolution and the Implications for Article 2B," 36 Houston L. Rev. 179 (1999).
10. ↑ Christian H. Nadan, "Open Source Licensing: Virus or Virtue?," 10 Tex. Intel. Prop. L.J. 349 (2002).
11. ↑ Thomas M. Pitegoff, "Open Source, Open World: NeBusiness," 11 Bus. L. Today, Sept.-Oct. 2001, at 52.
12. ↑ See Free Software Foundation, Frequently Asked Questions about the GNU GPL, available at http:/Jwww.gnu.org/licenses/gpl-faq.html#GPLInProprietarySystem.
13. ↑ Id.